Build Openssl + FIPS - recursive fipsld

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Build Openssl + FIPS - recursive fipsld

Luís Martins
Hi,

    I'm trying to build openssl with FIPS module on Ubuntu 14.04 32 bits, but during one of the steps the fipsld tool starts being called recursively.

    It happens on this step:
sh -c ( :; LIBDEPS="${LIBDEPS:--L.. -lssl  -L.. -lcrypto -ldl -L/usr/local/lib -lz}"; LDCMD="${LDCMD:-/usr/local/ssl/fips2.0/bin/fipsld}"; LDFLAGS="${LDFLAGS:--DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include}"; LIBPATH=`for x in $LIBDEPS; do echo $x; done | sed -e 's/^ *-L//;t' -e d | uniq`; LIBPATH=`echo $LIBPATH | sed -e 's/ /:/g'`; LD_LIBRARY_PATH=$LIBPATH:$LD_LIBRARY_PATH ${LDCMD} ${LDFLAGS} -o ${APPNAME:=openssl} openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o ${LIBDEPS} )
fipsld -e /usr/local/ssl/fips2.0/bin/fipsld -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz
fipsld -e /usr/local/ssl/fips2.0/bin/fipsld /usr/local/ssl/fips2.0/lib//fipscanister.o /usr/local/ssl/fips2.0/lib/fips_premain.c -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz
fipsld -e /usr/local/ssl/fips2.0/bin/fipsld /usr/local/ssl/fips2.0/lib/fips_premain.c /usr/local/ssl/fips2.0/lib//fipscanister.o /usr/local/ssl/fips2.0/lib/fips_premain.c -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -fPIC -O3 -fomit-frame-pointer -Wall -I/usr/local/ssl/fips2.0/include -o openssl openssl.o verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o ca.o pkcs7.o crl2p7.o crl.o rsa.o rsautl.o dsa.o dsaparam.o ec.o ecparam.o x509.o genrsa.o gendsa.o genpkey.o s_server.o s_client.o speed.o s_time.o apps.o s_cb.o s_socket.o app_rand.o version.o sess_id.o ciphers.o nseq.o pkcs12.o pkcs8.o pkey.o pkeyparam.o pkeyutl.o spkac.o smime.o cms.o rand.o engine.o ocsp.o prime.o ts.o srp.o -L.. -lssl -L.. -lcrypto -ldl -L/usr/local/lib -lz

    It keeps calling fipsld recursively, with each call adding one more "/usr/local/ssl/fips2.0/lib/fips_premain.c" to the command.
    Any idea what am I missing ?

    My build steps are:

export FIPSDIR="/usr/local/ssl/fips2.0"
export MACHINE=linux-generic32
export CC="/usr/local/ssl/fips2.0/bin/fipsld"
export FIPSLD_CC="gcc"
export FIPS_SIG="/tmp/openssl-fips-2.0.16/util/incore"

# build openssl fips module
cd /tmp/
curl -O https://www.openssl.org/source/openssl-fips-2.0.16.tar.gz
gunzip -c openssl-fips-2.0.16.tar.gz | tar xf -
cd openssl-fips-2.0.16
./config
make
make install

# build openssl
cd /tmp
curl -O https://www.openssl.org/source/openssl-1.0.2n.tar.gz
tar -zxf openssl-1.0.2n.tar.gz
cd /tmp/openssl-1.0.2n
./Configure \
    --prefix=/usr/local \
    linux-generic32 \
    -fPIC \
    no-shared \
    no-capieng \
    fips \
    --with-fipsdir="/usr/local/ssl/fips2.0" \
    zlib \
    no-zlib-dynamic \
    --with-zlib-include="/usr/local/include" \
    --with-zlib-lib="/usr/local/lib"
make all -j1
make build_libs

--
Luís

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users